October 31, 2011
Volume XXXVII, Issue 2

"Blacklist" Bill: Would "Effectively Eliminate" the DMCA

This is an industry with mixed feelings about the Digital Millennium Copyright Act (DMCA), to say the least. Tech companies love it, but content creators are finding it nearly impossible to police unauthorized use of their work, and worse, many feel that the law is simply being exploited by companies like Grooveshark.

Which is why reactions have also been mixed on the Stop Online Piracy Act (SOPA), the House's version of PROTECT-IP. Both call for stepped-up enforcement capabilities against infringing sites, and give the Department of Justice (DoJ) broad enforcement oversight. The Electronic Frontier Foundation (EFF) feels this is now going way too far, and will ultimately create an even bigger mess by "effectively eliminating DMCA safe harbor provisions." The following guest post comes from EFF intellectual property director Corynne McSherry, who says SOPA is what really needs to be stopped.

"We've reported often on efforts to ram through Congress legislation that would authorize massive interference with the Internet, all in the name of a fruitless quest to stamp out all infringement online. On Wednesday, Representative Lamar Smith upped the ante, introducing legislation, called the Stop Online Piracy Act, or 'SOPA,' that would not only sabotage the domain name system but would also threaten to effectively eliminate the DMCA safe harbors that, while imperfect, have spurred much economic growth and online creativity.

As with its Senate-side evil sister, PROTECT-IP, SOPA would require service providers to 'disappear' certain websites, endangering Internet security and sending a troubling message to the world: it's okay to interfere with the Internet, even effectively blacklisting entire domains, as long as you do it in the name of IP enforcement.

Of course blacklisting entire domains can mean turning off thousands of underlying websites that may have done nothing wrong. And in what has to be an ironic touch, the very first clause of SOPA states that it shall not be 'construed to impose a prior restraint on free speech.' As if that little recitation could prevent the obvious constitutional problem in what the statute actually does.

But it gets worse. Under this bill, service providers (including hosting services) would be under new pressure to monitor and police their users' activities. Websites that simply don't do enough to police infringement (and it is not at all clear what would qualify as 'enough') are now under threat, even though the DMCA expressly does not require affirmative policing. It creates new enforcement tools against folks who dare to help users access sites that may have been 'blacklisted,' even without any kind of court hearing.

The bill also requires that search engines, payment providers (such as credit card companies and PayPal), and advertising services join in the fun in shutting down entire websites. In fact, the bill seems mainly aimed at creating an end-run around the DMCA safe harbors. Instead of complying with the DMCA, a copyright owner may now be able to use these new provisions to effectively shut down a site by cutting off access to its domain name, its search engine hits, its ads, and its other financing even if the safe harbors would apply.

And that's only the beginning: we haven't even started on the streaming provisions. We'll have more details on the bill in the next several days but suffice it to say, this is the worst piece of IP legislation we've seen in the last decade - and that's saying something. This would be a good time to contact your Congressional representative and tell them to oppose this bill!"

According to the official NIST definition, "cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

The definition is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion - from what is cloud computing to how to best use cloud computing.

"When agencies or companies use this definition," says NIST computer scientist Peter Mell, "they have a tool to determine the extent to which the information technology implementations they are considering meet the cloud characteristics and models.

This is important because by adopting an authentic cloud, they are more likely to reap the promised benefits of cloud - cost savings, energy savings, rapid deployment, and customer empowerment. And matching an implementation to the cloud definition can assist in evaluating the security properties of the cloud."

The first draft of the cloud computing definition was created in November 2009.

"We went through many versions while vetting it with government and industry before we had a stable one," adds Mell. That one, version 15, was posted to the NIST cloud computing website in July 2009. In January 2011 that version was published for public comment as public draft SP 800-145.

Researchers received a large amount of feedback, which mainly dealt with interpretations. The definition from draft to final remained substantively the same and only a modest number of changes were made to ensure consistent interpretations. Here then is the NIST definition in its entirety:

"The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), 'Securing Agency Information Systems,' as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.

This guideline has been prepared for use by Federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright, though attribution is desired.

Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority, nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other Federal official.

Cloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.

The intended audience of this document is system planners, program managers, technologists, and others adopting cloud computing as consumers or providers of cloud services.

The NIST Definition of Cloud Computing

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Essential Characteristics:

On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability1 at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Service Models:

Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure2. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.3 The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

This capability does not necessarily preclude the use of compatible programming languages, libraries, services, and tools from other sources.

Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

Deployment Models:

Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)."

Cloud Computing Journal: How fast will the last remaining barriers to enterprise-wide cloud adoption melt away - are secure public clouds feasible, for example, or only private ones?

Terry Hines: Enterprise-wide adoption of cloud computing will blossom with the increasing bandwidth; the greatest limiting factor is speed of access - standards and security will trail the demand.

Cloud Computing Journal: What is the biggest new dimension of consumer cloud computing? Is it Cloud Telecoms, Cloud TV, Cloud Music, or what?

Hines: Consumer cloud computing will embrace the immediate feedback mantra - spatially local access to services, social contacts, and products.

Cloud Computing Journal: How much of an influence on cloud adoption is the US government's continuing support of cloud strategies for all government agencies?

Hines: The US government will focus services on key areas but stifle innovation - the challenge will be to leverage the government investment to meet the immediate needs in building blocks for the future.

Cloud Computing Journal: What impact does the arrival of Microsoft, Oracle, Dell, IBM, Cisco and the other giants have on the smaller cloud players?

Hines: The largest technology players provide leverage to bring greater focused value to our customers. The more we can rely on core services and technologies the greater the value we can bring as adopters to our customers.

Cloud Computing Journal: What can Cloud Expo attendees expect to see from you in Santa Clara?

Shares of these three companies climbed at least 13% in afternoon trading on an overall positive day for the technology sector.

Akamai, which runs a network that hosts and speeds up the delivery on video and other online content, rose by $3.32 a share, or 14%, to $27.10 after the company said late Wednesday that it expects to report fourth-quarter sales of $303 million to $315 million.

Analysts surveyed by FactSet research have forecast Akamai to earn 40 cents a share on revenue of $309 million for the company's fourth quarter.

Chad Bartley of Pacific Crest Securities said Akamai's forecast was better than expected, but recommended that investors "remain on the sidelines" as he is concerned about signs of slower traffic growth outweighing gains in the company's core content-delivery business.

Akamai also reported third-quarter income of $42.3 million, or 23 cents a share, on $281.9 million in revenue, up from $39.7 million or 21 cents a share on sales of $253.6 million a year ago.

Shares of Citrix rose $10.14, or almost, 16%, to $74.40, after the provider of virtual-productivity software delivered third-quarter earnings of $92 million, or 49 cents a share, on $565 million in sales, compared with a profit of $88 million or 46 cents a share on revenue of $472 million in the year-ago quarter.

Citrix's GoToMyPC, for example, allows employees to access their work computers from remote locations. Joel Fishbein, an analyst with Lazard Capital Markets, wrote in a note that Citrix's results show the company holding "a commanding market lead in the desktop-virtualization space," and that it stands to gain more ground with its online-services and application-networking businesses.

Citrix also forecast fourth-quarter earnings of 75 cents to 76 cents a share on sales between $610 million and $620 million.

LogMeIn also showed the resiliency of the cloud-computing sector, as its shares rose $4.67, or 13%, to $40.38 following its fiscal third-quarter report late Wednesday.

The company, which provides cloud-based networking software for businesses, reported earnings of $1.1 million, or 4 cents a share, on revenue of $31 million. In the same period a year ago, LogMeIn posted earnings of $4 million or 16 cents a share, on $25.3 million in sales.

Dropbox Bids to Find Entry in Businesses

Perhaps it should not have surprised corporate information technology (IT) departments that employees would use Dropbox, a service for easily sharing files among different devices by storing them in "the cloud." But that did not mean they loved the idea of confidential files on a service they could not control.

Now Dropbox is trying to appease them by selling a service for businesses, Dropbox for Teams, introduced Thursday.

Add Dropbox to the list of consumer technologies that have infiltrated the workplace, like iPhones, Gmail, and Skype.

"With the ability of people to get what they want to get done with stuff they pay for themselves, the whole role of IT changes," said Ted Schadler, a workplace analyst at Forrester Research. Still, the service has a way to go before large companies adopt it, Mr. Schadler said, "because it doesn't have as much security and administration as they want."

For Dropbox, one of the darlings of Silicon Valley with a reported $4 billion valuation from venture capitalists, its new service is a bid to buy paying customers and solidify its foothold in the growing file-sharing business.

It is competing with big companies like Google, Apple and Amazon.com, which offer increasingly sophisticated ways to store, share and sync files, and smaller ones like Box.net, YouSendIt and SugarSync. This month, Citrix Systems bought ShareFile and Research in Motion bought NewBay, both cloud storage services.

Dropbox allows people to access files, like documents, photos, and music, on any device wherever they are, without pesky zip files or hulking e-mail attachments. As people edit files, Dropbox updates them so a single file is available on all devices. Most people use it free and can pay for additional storage.

Dropbox, which started in 2007, has 45 million users who save more than two billion files each week. But it has scared some people, too. In June, a security breach left Dropbox accounts accessible for several hours, and a complaint filed with the Federal Trade Commission says Dropbox misled users about privacy.

Dropbox says it uses the same security measures as banks. Files are encrypted and Dropbox restricts its employees' access to files. But security is only as good as a user's password. Dropbox said it is working on two-step authentication, so people would enter a second password sent to their phone, for instance.

"These are all things we take very, very seriously because our reputation and the confidence and trust people have in Dropbox is what we'll succeed by," said ChenLi Wang, team leader for business and sales.

Millions already sign up with their work e-mail addresses and the company estimates that at least a million businesses use the service.

Dropbox for Teams, which starts at $795 annually for five users, has 1,000 gigabytes of storage and phone customer support, and gives IT departments control over adding and removing users.

SusieCakes, a California bakery chain, has been testing Dropbox for Teams to share petty cash reports in real time and to exchange documents with outside lawyers. The service is easier to use than options like Microsoft's file-sharing service, called Windows Live SkyDrive, said Houston Striggow, SusieCakes' co-founder.

"It's really proven for us to be a powerful business tool that's made us a lot more efficient and productive," he said.

But Schadler, the analyst, said that before it would get widespread business adoption, Dropbox needed features like security controls to automatically stop people from sharing confidential documents. Dropbox says it is working on new features, including extra security measures and collaboration tools.

Of Dropbox's competitors, Box.net has made the most headway in businesses, Schadler said. Google is also going after businesses with tools like Google Docs, which lets employees collaborate on the same version of a document, and Chromebooks, laptops that store everything online so people can access it from any computer.

Sujay Jaswa, Dropbox's Vice President of Business Development and Sales, said its service had an advantage over big companies because it enabled iPads, Android phones and PCs to work together. "You need a company like us that doesn't have a horse in the race to be there for consumers," he said.

Cloud Computing Drives Growth with Regional Telcos

NeoNova Network Services, an industry leader in managed broadband services, has seen significant growth in the demand for quality broadband cloud services and has added 15 new broadband service providers to the NeoNova customer base in 2011.

New customers come from a wide range of geographies with telcos from eleven states. The companies range from a small Tribal property in New Mexico to a large regional service provider serving nearly 10,000 square-miles in Oklahoma.

The advent of the Internet and the expansion of broadband into rural communities now allow these communities to compete at the same level as their more urban peers. Regional service providers now must deliver high-speed access to broadband at the same level of high-quality services as the larger national telcos.

With Google Apps now in use by more than 40 million people worldwide, smaller telcos have the opportunity to give their subscribers a world-class platform without investing in new hardware or infrastructure.

"Google represents innovation to the business community, and NeoNova provides the essential customer service and direct contact with local telcos," said Ray Carey, CEO of NeoNova. "In the end, the real chocolate and peanut butter moment was combining the powerful innovation machine of Google with the legendary customer service of our with independent telco partners."

Google Apps is integrated with NeoNova's NovaSubscriber provisioning platform to add significant value by enabling multi-tier administration support, customizable branding, parent/child relationships with e-mail, archive capability, account deletion requirements, password requirements, and Single Sign-On (SSO) capability. In addition, NeoNova developed a suite of customized data migration tools to make the transition to Google virtually seamless for both the ISP and the end user.

Cloud services are rapidly becoming the standard for many applications and businesses. Forrester reports that the global public cloud market is growing from $25.5 billion in 2011 to $159.3 billion in 2020. NeoNova's growth can be attributed to several trending factors such as the growing acceptance of cloud computing, the emergence of integrated platforms with smart-phones (e.g., Android), and the increased consumption of broadband.

"The value of using NeoNova as our platform to for not only email, but for all the other services our end-users need is powerful," said Kelly Johnson, Data Communications Manager at Pioneer Communications in Ulysses, KS. "They take the complexity out of delivering a complete solution to our customers and keep us innovative with a constantly changing broadband landscape."

Oracle Pushes into Cloud Computing with RightNow Deal

Oracle said it is buying customer-service software maker RightNow Technologies for $1.43 billion in cash, continuing a recent push into the fast-growing field of cloud computing.

The deal marks the first time Oracle has bought a company that sells application programs accessed primarily over the Internet, a segment known as software as-a-service (SaaS). The acquisition comes shortly after Oracle introduced several internally developed applications that are accessed in the "cloud," a catchall term for online data and programs.

Oracle made online software a centerpiece in its user conference earlier this month. The Redwood Shores, CA, company said it would launch its own "cloud" where businesses could store data and access programs. It also said that many of its own software programs would be available on its "cloud."

RightNow is another arrow in Oracle's online quiver. The Bozeman, MT, company's software is used by call centers and help desks to help improve customer service. It reported revenue of $186 million in the fiscal year ended in December, up from $153 million a year earlier.

In a press release and online presentation, Oracle said it planned to add RightNow's software to its own portfolio of online offerings, which include programs for managing sales and marketing and human resources. An Oracle spokeswoman declined to comment beyond the materials.

Oracle is purchasing RightNow as the market for online software has swelled, outstripping the growth in traditional software. Sales of online software, which was $10 billion in 2010, is expected to more than double to $21.3 billion in 2015, research firm Gartner said. Traditional software, which businesses install on equipment they own, is much larger - $104 billion in 2010, according to Gartner, but growing much slower.

"It's a sign of future acquisitions" for Oracle, said Ray Wang, an analyst at Constellation Research. He said Oracle may snap up more companies in the fragmented online software market, which currently doesn't have a large company that sells a wide variety of programs.

In another sign of growth for the online software segment, Workday, which makes online human resources software, said Monday that it raised an additional $85 million in venture-capital funding.

Recently, Oracle has acquired several companies that make technology that could be used to enhance other online software offerings. Last week, Oracle said it was buying Endeca Technologies, which makes tools that help businesses analyze data, for an undisclosed amount.

Oracle offered $43 a share for RightNow and said the deal, expected to close by early next year, is valued at about $1.5 billion net of RightNow's cash and debt.

Monday, Oracle shares were up 75 cents, or 2.3%, to $32.87 in 4 p.m. trading on the Nasdaq. RightNow shares were up $6.98, or 19%, to $42.94.

Reasons to Include Cloud Computing in Your Strategy

The issue of success or failure in moving your company data, IT storage, servers, or software to the cloud is often driven by technical issues, including performance, bandwidth, security, and total-cost-of-ownership (TCO) considerations. While many of these factors are key criteria for selecting cloud solutions, they usually don't align with the bigger picture that C-level executives must consider when adding new IT solutions.

How IT can help sustain or create a competitive advantage has never been more apparent than today through the use of cloud computing. This technology boasts benefits such as reduced costs and scalability, just to name a few, but many companies fail to find the right fit for cloud within their business.

This is because cloud computing is not one size fits all. Performance, network bandwidth, security, and total cost concerns can be allayed through a better portfolio and investment approach that considers the multitude of options available.

In industries where working capital bears a high price and is in short supply, businesses often have to make ends meet and have limited investment available. Therefore, being able to source the lowest cost and drive efficiencies even further is critical to growing business and market share.

For companies with limited working capital resource or cash flow funds, the use of on-demand services becomes an attractive option for consumers to avoid upfront costs or maintenance of services. Likewise, companies seeking to provide better profitability from their operation and vendors managing their cost center can leverage on-demand models to target areas of their portfolio to reduce cost and maximize return. When adopting cloud computing, companies are often driven by cost effectiveness, rather than looking at the bigger picture and asking what cloud solution is the best fit for the business. Cost savings, longevity of product, and performance aren't mutually exclusive, and all should be factored into the decision-making process when researching and purchasing a cloud solution.

Here are four questions, which include key metrics and drivers, to ask when researching cloud solutions that will maximize the value of cloud computing for your organization:

Why is investment being spent on areas of IT that are not differentiating your business and can be commoditized? Key Metric: The balance of percent of investment on non-core commodity IT. Key drivers: TCO needs to consider where to focus IT investment.

How can IT grow and adapt with the ever-increasing expansion of data storage and the growth of computing demands eclipsing on-premise facilities? Key Metric: The cost of storage and archiving, recovery and continuity. Key drivers: Latency of network and storage costs can be targeted through considering the whole IT portfolio, not just niche use cases of cost-performance. Look at the bigger picture.

How can access to new markets and new channels be better served through extending networks and partnerships? Key Metric: Size of markets and effectiveness of sales channels, both internal sales and external direct sales and reselling.Key drivers: Total cost of acquisition can include the creation or use of third-party distributed marketplaces and self-service portals and platforms.

Is your own IT fast enough to beat your competition or drive the cost savings or revenue and margin growth plans you need? Key metric: Speed of IT delivery and its cost and quality of service. Key drivers: Performance can be offered through selected service provisioning. Question whether all knowledge needs to be in-house. Skills can be as-a-service too. The Open Group recently published Cloud Computing for Business -The Open Group Guide to address many of these key questions. The book is intended for senior business executives and practicing architects responsible for defining corporate strategy, and it identifies how to select and buy cloud computing services to achieve the best business and technical outcomes.

Getting Cloud Security Right from the Start

Steve Durbin, Vice President of Sales and Marketing for the Information Security Forum (ISF) thought the issues around cloud security would have been nailed down by now, "but I couldn't have been more wrong," he told iTWire.

The ease of getting started with cloud services is a nightmare from a security perspective, he suggested. People on the business side of an organization can simply sign up and put the usually modest charges on their credit cards, bypassing (though probably not maliciously) the normal security procedures.

"The savings from using cloud services are huge," he said, but it's important they engage with the security team to get things right.

He relates the story of a large Australian retailer that started using Salesforce.com because it was so cost effective, but someone decided to upload certain data that wasn't needed for the intended use, and that action was in breach of the company's own security regulations. Once the security team found out, the data was removed.

Durbin suggests that business people tend to buy cloud services as they would buy consumer goods: most go out and buy the first fridge that looks about right, and only a few research the market carefully. Cloud suppliers, he said, should be treated like any other outsourcer.

How much trouble you should go to and the standards you should expect from providers depend on the importance of the project and the sensitivity of the data. In order to balance agility and flexibility with security, Durbin suggests the following four points are especially important.

1. Engage with the information security team (some organizations put it under risk management or governance) from the outset.

2. Agree with them what degree of security is needed for the project. It may be minimal, it may be complex, or it may be somewhere in between.

3. Decide how to validate the provider's security claims. An operator that applies a high level of physical security probably won't let you onto their premises to make your own checks, so you may need to rely on third-party certifications. If you're storing corporate data, you probably can't take the provider's word that its systems are secure.

4. Agree on termination terms. "Make sure you get all your data back" when the relationship ends. Durbin related an example of an organization that stored all of its customer data in a cloud system, but when the contract ended it couldn't retrieve the data because "that wasn't part of the agreement."

"The only time you've got any control is on the way in," he warns: the balance of power shifts to the provider once you have signed a contract.

He also suggests thinking carefully about the price being charged: "There's often a clue in the price - it's cheap for a reason." While that may be fine for some purposes, it is not in other situations. For example, a small business could probably lose access to its CRM system for a couple of hours and hardly notice. But if a bank's ATM network went down for a similar period, that would be considered a serious problem.

Durbin suggests it is easier to validate the security of an IaaS provider providing you ask the right questions. But SaaS is less tangible (much more of the total system is controlled by the provider, with little or no visibility for the client).

But investigating all these issues comes at a price, and you need to decide whether it is worthwhile given the importance of the data, the criticality of the process involved, and the magnitude of the expected savings from using a cloud service instead of keeping things in house.

The executive summary of the ISF report "Driving out the Seven Deadly Sins of Cloud Computing" is available here.

Examining Cloud Computing as a "Feature" and "Approach"

All year I've been saying that cloud computing is not really a technology. Since it's not very helpful just to say what something isn't, I've also been trying to say what cloud computing is, if it's not a technology or set of technologies. And I think at this point, I'm starting to think that it's a feature.

Here's why. "Cloudiness," if you'll forgive the expression, looks a lot like something that applications or systems can either have or not have, and in varying degrees. The individual product or services that form part or all of a given corporate application or system might be more or less cloudy, including some that can claim to be 100% cloud. The degree to which a service, product, application, or system uses cloud computing is one of its features.

Thinking of cloud computing as a feature seems kind of unsatisfactory, though. So perhaps we can combine this idea with another one that's unsatisfactory on its own: that cloud computing is a strategic approach. You can use more or less cloud computing for applications and systems at your organization based on the business and IT strategy you're following. And part of this will be to vary the kind of cloud you use, public, private, IaaS, SaaS, etc.

And then, on the acquisition level - once you've moved past the strategy and are implementing and managing it - you can evaluate technologies, vendors, and products in part according to their cloud-computing capabilities and features.

Seems simple, which is, I'm sure, illusory. We'll find out as we develop our next survey. I'll be sure to let you know.

Despite Need for Standards, Online Video Looks Bright

Standards. They are still the one of the biggest hurdles advertisers and publishers face in the online video business.

Standards have plagued online video since its infancy and remain an ongoing challenge, according to a new report released by ad network Brightroll.

When it comes to online video, brands want to know what they're buying, but they also want to be able to compare results to other campaigns, and they want to be able to deliver creative that works easily across multiple formats and sites.

While agencies and marketers may kvetch about standards though, the business is still experiencing skyrocketing growth. Many online publishers are expecting CPMs to rise, to the tune of a 15% bump in the fourth quarter, the Brightroll study found. That's a healthy sign that online video advertising continues to be a vital part of the new media ad ecosystem. In-stream video, such as pre-rolls, are the most popular formats amongst marketers.

These findings jibe with eMarketer's overall barometer of the health of online video. The research firm has said spending on online video advertising will rise 52% this year, to hit $2.16 billion.

The prevalence of online video ad networks and exchanges is boosting that growth. Nearly three-quarters of online publishers are selling about 20% or more of their ad space through ad networks, representing a two-thirds increase over last year, Brightroll found in its second annual survey assessing the use of ad networks and exchanges across more than 100 premium online publishers.

Interestingly, most sites use at least three or more ad networks, underscoring the important role ad networks do play in a publisher's ad sales plans, Brightroll said. Sites use ad networks to boost overall revenue, sell off remnant inventory, and improve their fill rates, the report said.

But the adoption rate of ad exchanges is much lower, according to the ad network's survey. While about three-quarters of publishers said they use exchanges, most use them use them very little. About half of respondents said they sell 5% or less of their space through exchanges.

Like everyone else, publishers are keen on the mobile opportunity. They recognize the huge growth in smartphone usage, but more than two-thirds of publishers said 5% or less of their inventory is mobile. This may hamper the growth of mobile video advertising, as well as the further expansion of online video buys to also include mobile.

Publishers say technical integration remains a hurdle for mobile, as well as standardization. I say if we can get Apollo 13 back safely from the moon, technology should never be the hurdle.

Netflix & Video Streaming Dominate during "Prime Time"

Online video sites like Netflix and YouTube may be slowly luring some North American entertainment seekers away from prime-time TV, according to figures from a report by the Waterloo, Ontario based company Sandvine.

The company analyzes Internet usage and found that 60% of all downloading traffic in North America during the peak period of 7 PM to 9 PM is tied to what it calls real-time entertainment applications. That percentage is up 10% from in 2010.

The most Internet traffic in prime time was associated with Netflix streams, which accounted for almost a third of all the data consumed in that two-hour window. That figure is up about 10% since the spring. Netflix's data consumption was nearly double the second biggest use of the Internet in prime time, which was basic web browsing.

Sandvine also notes that the majority of video and audio content is no longer being streamed to desktop computers and laptops. About 55% of multimedia transfers were being sent to game consoles, set-top boxes (STBs), Internet-connected TVs, tablets, and mobile devices.

When analyzing mobile traffic, Sandvine also found that most data usage during prime time was for real-time entertainment. About 30.8% of peak prime-time traffic came from video and audio streaming; the second biggest use of mobile data was for web browsing, representing 27.3%; and social networking traffic was responsible for 20% of downloads.

The most popular real-time entertainment sites include Netflix, YouTube, Hulu, Google Video, MLB.TV and the music streaming sites Spotify and Pandora.

Sandvine says the trend toward masses of consumers streaming high-quality video all at the same time is creating major headaches for Internet service providers and that may eventually translate into higher prices.

The report even suggests that ISPs may eventually consider charging a premium for downloads during prime time, or making it cheaper to consume large amounts of data in off-peak periods.

WeVideo Cloud Editing Comes to YouTube

YouTube now offers the cloud-based video editing platform WeVideo, as well as having made a few other tweaks to improve the service.

Some of the additional changes include an updated Charts page that makes it easier to find videos of interest, an improved playlist bar that makes video details and controls for visible, and a redesigned end-screen after each video finishes. YouTube also added localization for more countries (for a total of 35) and languages (51, including Croatian, Filipino, Serbian and Slovak).

WeVideo, which optimized its video editor for free use on YouTube, offers a drag-and-drop design interface for music, transitions, titles and other common options. It's browser based, with the resource-hogging process of rendering taking place in the cloud, so it can be used via smartphone or tablet as well as by computer.

Last week, WeVideo also partnered with Contact Summit, the event that focuses on people using technology to transform commerce, learning, and real-world problems through social evolution. Participants created a collaborative video project documenting the Occupy Wall Street demonstration, using the WeVideo option of allowing multiple users to upload videos to a unique URL with collaborative editing.

Based in Sunnyvale, CA, WeVideo was founded in 2011 by Norway-based Inspera.

"Social" TV App Zeebox Goes Live

As of this morning anyone can try Zeebox, the new interactive TV venture from Anthony Rose. Rose rescued the BBC's iPlayer and was chief techie behind YouView, formerly Project Canvas - prior to that he was Kazaa's CTO.

Zeebox works both as a TV remote control and a mobile app, providing a backchannel to live TV via the web. An iPad Zeebox app is available for immediate download, with more mobile versions to follow. Virgin isn't yet fully supported, but it can be used with FreeView and Sky.

The idea of interactive feedback isn't new: Tellybug already does a clapometer for shows such as "The X-Factor" and "Britain's Got Talent." But the Zeebox can do quite a bit more than chat and real-time feedback. It knows what's on TV. It can also be left running, aggregating data the company hopes will be useful to advertisers and TV companies.

If the remote works as promised - we haven't tried it yet - it stands a good chance of becoming a valuable business, as the main portal for the "second screen", with people engaging via laptops or mobile devices while they watch TV. People already do this, but it's messy. And in the future it isn't hard to imagine people flipping through tags on a mobile, rather than channel surfing, to see what's on.

It's some way short of being the perfect TV app - that would record shows for later and allow you to retrieve them - but it is very well done.

Coming Events of Interest

Future of Film Summit - November 7th-8th in Los Angeles, CA. An exclusive group of industry thought-leaders discuss the current state of the industry, and how film and transmedia deals will be struck in the coming years. This is a unique opportunity for creatives, producers, buyers, and film financiers.

Streaming Media West - November 8th-9th in Los Angeles, CA. Attended by more than 2,500 executives last year, SMW covers the entire online video ecosystem from content creation and management, to monetization and distribution. The number-one place to come see, learn, and discuss what is taking place with all forms of online video business models and technology.

World Telecom Summit 2011 - November 9th-11th in Singapore. The 2011 program will focus on topics that demonstrate innovation across the telecommunications industry, both on a commercial and technical level, to improve profitability and quality of next generation technologies and customer experiences.

Future of Television - November 17th-18th in New York, NY. Top television and digital media industry executives discuss the increasing importance digital media for the future of the television industry. Topics include viewer trends; programming for non-traditional platforms including online video, VoD, HD, IPTV, broadband and mobile.

2012 International Consumer Electronics Show (CES) - January 10th-13th in Las Vegas, NV. With more than four decades of success, the International CES reaches across global markets, connects the industry and enables CE innovations to grow and thrive. This is the world's largest consumer technology tradeshow.

CONTENT IN THE CLOUD at CES - January 11th in Las Vegas, NV. Gain a deeper understanding of the impact of cloud-delivered content on specific segments and industries, including consumers, telecom, media, and CE manufacturers.

CLOUD TECHNOLOGY CONFERENCE at NAB - April 16th in Las Vegas, NV. Don't miss this full-day conference focusing on the impact of cloud computing solutions on all aspects of production, storage, and delivery of television programming and video.